This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

wireshark hsts

0

Hi,

how can I use Wireshark to see if a particular web site, web app is using HSTS?

Thanks

asked 17 Feb '17, 05:35

adasko's gravatar image

adasko
86343842
accept rate: 0%


2 Answers:

0

IF you can decrypt the HTTP exchange between server and client, you can check to see if the HSTS header is present in the HTTP response from the server. IF NOT then you can't.

answered 17 Feb '17, 08:15

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%

0

As Jaap said: If you can decrypt the traffic you will be able to see the HSTS header.

If not you can use the Web Developer tools in your browser (available in/for Chrome, Safari, Firefox, Internet Explorer) or you can configure a proxy like Fiddler to see the headers.

answered 17 Feb '17, 11:22

Uli's gravatar image

Uli
9031515
accept rate: 29%

cURL does it without acting as a proxy and without having to decrypt the payload:

https://www.owasp.org/index.php/Test_HTTP_Strict_Transport_Security_(OTG-CONFIG-007)

(17 Feb '17, 11:58) adasko

cURL does receive the plain text payload though, the library it uses for the TLS connection does the decryption for it.

Wireshark does not originate any connections so do not have access to the key, and hence the plain text payload unless the user provides the keying material.

(18 Feb '17, 02:04) grahamb ♦